
In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring

Other noteworthy stories that might have slipped under the radar: surge in Palo Alto Networks scanning, WEL Companies data breach impacts 120,000 people, AI second-order prompt injection attack. The post In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring appeared first on SecurityWeek.


SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:

Surge in Palo Alto Networks scanning

Threat intelligence firm GreyNoise has seen a 40x surge in scanning aimed at Palo Alto Networks GlobalProtect portals. The company told SecurityWeek that its investigation is still in progress, but it has observed brute-force attempts on the login path ‘/global-protect/login.esp’. Palo Alto Networks has not responded to a request for comment. 

Man pleads guilty to hacking former employer

Maxwell Schultz, a 35-year-old man from Ohio, has pleaded guilty to charges related to hacking into the network of his former employer. The attack took place in 2021, after the unnamed company terminated Schultz’s employment in its IT department. According to the Justice Department, Schultz, who had worked as a contractor, impersonated another contractor to obtain login credentials. He then used the access to reset 2,500 users’ passwords, locking the company’s employees and contractors out of their computers and causing losses of more than $860,000.

NSO wants to overturn ruling that bans it from hacking WhatsApp

After a judge ordered it to stop hacking WhatsApp, NSO Group filed an appeal to overturn the ruling. The spyware maker managed to convince a court last month to significantly reduce punitive damages awarded by a jury and now it also wants to overturn the order blocking it from targeting WhatsApp users, arguing that the company will “suffer irreparable harm”.

WEL Companies data breach impacts over 120,000 people

American trucking company WEL Companies has informed the Maine Attorney General that a data breach suffered earlier this year has impacted more than 120,000 individuals. The hack was discovered in late January, and the RansomHub ransomware group took credit for the attack roughly one month later. 

ATM jackpotting 

Jackpotting is still used to steal money from ATMs. Police in Fairfax County, Virginia, are looking for a group of suspects who are believed to have installed malware on an ATM to withdraw cash without inserting a card. The suspects stole $175,000.

PlushDaemon APT uses new network implant in attacks

ESET has identified a new network implant that the Chinese APT tracked as PlushDaemon has been deploying to perform adversary-in-the-middle (AitM) attacks. Dubbed EdgeStepper, the implant directs DNS queries to a malicious node to hijack all traffic from legitimate infrastructure used for software updates and serve malicious payloads. Active since at least 2018, the APT has targeted entities in the US, Taiwan, China, Hong Kong, New Zealand, and Cambodia.

Twitter hacker ordered to repay $5.4 million

Joseph James O’Connor, a UK national convicted over the 2020 hacking of high-profile Twitter accounts, has been ordered by British authorities to repay $5.4 million in Bitcoin, Reuters reports. O’Connor, 26, was sentenced to prison in the US in 2023, after being arrested in Spain in 2021. British investigators obtained a civil order to seize 42 Bitcoin and other cryptocurrency assets linked to O’Connor’s activities. 

CISA plans aggressive hiring to strengthen defenses against China

The US cybersecurity agency CISA is planning an aggressive hiring campaign to replenish its ranks in the wake of a potential conflict with China, Cybersecurity Dive reports. The agency suffers from a 40% staff shortage in key mission areas and is looking to hire qualified personnel by the end of fiscal year 2026, a recent internal memo reportedly reads. CISA reportedly terminated hundreds of people during the recent government shutdown. 

AI second-order prompt injection attack

AppOmni details how second-order prompt injection attacks can be used to convince ServiceNow’s Now Assist AI agents to recruit more powerful agents to execute malicious tasks, such as performing create, read, update, and delete (CRUD) actions on record data and sending the contents of the records to external email addresses. The behavior is intended, but ServiceNow has updated its documentation.

Politically sensitive topics trigger DeepSeek AI to produce vulnerable code

CrowdStrike discovered that China’s DeepSeek-R1 produces code containing more security vulnerabilities in response to prompts that contain topics considered politically sensitive by Beijing. The output of code containing severe flaws increases by up to 50%, CrowdStrike says. Otherwise, the quality of DeepSeek’s code output is comparable to that of other AI assistants used by developers. Similar DeepSeek coding bias was reported by CrowdStrike in September.
